f6563d7eda2105f325e93ce391cb45302a750c7dc8ba04413a22136bbf1d5fce

General

Target

f6563d7eda2105f325e93ce391cb45302a750c7dc8ba04413a22136bbf1d5fce
Size

28.8MB
Sample

221127-a4664sge32
MD5

0ae17bde7847d156b5d22a4d0551a1ce
SHA1

91d767084e6adb51e73d07c04e61d03139cc1fa5
SHA256

f6563d7eda2105f325e93ce391cb45302a750c7dc8ba04413a22136bbf1d5fce
SHA512

bf3ef7d9acc5c87ca4d8c4064d27dfebc69d98c027e8706d4abe2fd67b23d49b425fd653206b6031d72eafd80b0de11730901493e3abb8089a8f9a3919b564f0
SSDEEP

786432:Bs+wPWM67qqlggy0vv/0fmWh0SXttOaMaiVxg/CLw:Bs+er62qlg8MOW29aT/CLw

Score

8^/10

Malware Config

Targets

- Target
  
  591369_8379_WCDMA_V000001/M76XXUSNEKOLYM1050.elf
- Size
  
  102.2MB
- MD5
  
  0449e7996910bc37e11c499c48e01109
- SHA1
  
  816e99e5ead94addb00d61e43ad2469cecc86745
- SHA256
  
  fd192071cff3c00f06e5f032953da076c362cd56382bb3cd7f56370baadc52b6
- SHA512
  
  aa7db0bdbdc679e5db59f70a70e7c09eca34a40e8afe0698735ceaf0c4ef3c808b8d03f61a9477068240bcc83199bbdbfef4a73862b8c81e4eb838316404f66b
- SSDEEP
  
  1572864:F1uZp1/kelmtqCzZ3Vxr/2G7g0IYkVMO7NMALnIkrgZkggdVGv0zZ3Vxr/2G7g0k:FIZ
Score

1^/10
behavioral1
- Target
  
  591369_8379_WCDMA_V000001/amss.mbn
- Size
  
  18.1MB
- MD5
  
  36144ab9583b1612aef47e6e96a4a017
- SHA1
  
  990017249ad813eb5afeff628a02e1e200ecbde8
- SHA256
  
  969258480c335567b7e254c528b1f5a7b7c49c4466ffd4180c90d20ca97d9b6c
- SHA512
  
  d31900518e69552deb5c91578ac7e3f67425df5a5b940af96f100a7f444ca62d2396411040b4d2b38ccb1d3d1c42416588e54d21ac2db77a3499c7ab3e0a7ced
- SSDEEP
  
  196608:uK9+3hgql7CfGRAqQWZtisWkLc4QEWOaHoJ3CfyOM17ZJKoMgVpS:T+Zt6kAAWqvOgVp
Score

1^/10
behavioral2
- Target
  
  591369_8379_WCDMA_V000001/qcsbl_USNEKOLYM.elf
- Size
  
  398KB
- MD5
  
  0c39f42499c2cc467dc6f7c8df6d9542
- SHA1
  
  bff792363947f3bb14ab8f71c5761a5961934350
- SHA256
  
  5ee33489021dd0b5765a0a0800009de21ba5caf3fbff39cc8a5430ca09ebb203
- SHA512
  
  83ff5d95dbc4ff38e7352aaa6299fccfa8f63e242294196e3969881f7f87037f38f3f666ec125ff8c1cb91b4c518c91f44400dff02e069207f701e362b4ac69f
- SSDEEP
  
  12288:zjq9Vw9W+JorIi1WifkRaMuzYl/bCzIUOv+:v2FO
Score

1^/10
behavioral3
- Target
  
  lpk.dll
- Size
  
  85KB
- MD5
  
  8f114be9125798a2e24ab55fafb09590
- SHA1
  
  aa070d571279542fe8c06a16f06afe6945d28d6e
- SHA256
  
  9a542bd4f4349030fcb8c557ce997be76a8f12c2bcf38a03dd918ff3f6c6a4e5
- SHA512
  
  b8cdcca1c5f9ae7701eaef596ff629e9febd3e3929c05aba62602821f311fd4edce8924576ff07dc6ed7094a7992e60bc44bbf9f7b9289bed21c97a41587201d
- SSDEEP
  
  1536:0O3H4UYT7knSEUHAC4H3Pt9tyHpO3H4UYn:RX4Uo7kSEdzXPtPyHsX4Uo
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral4 behavioral5

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5